This page describes how the current servers' access and permissions are set up.
Using the user-defined bash script to create groups and users
...
I avoid putting sudo instructions in the script because the file /etc/sudoers is sensitive to edit and should only be edited with su -c visudo.
```bash
#!/bin/bash
# Author: Henry Jiang
# Script: setupAccess
# Summary: set up groups and users
# Syntax: setupAccess.sh <group> <user>

# Both arguments are required
if [[ $# -eq 0 ]]; then
    echo "Usage: setupAccess <group> <user>"
    exit 1
fi
if [[ $# -eq 1 ]]; then
    echo "Please specify a user name"
    exit 1
fi

group="$1"
user="$2"
defaultpass="newpass"

# useradd -p expects an already-hashed password, so hash the default first
password=$(openssl passwd "$defaultpass")
if [[ $? -ne 0 ]]; then
    echo "openssl not installed!"
    exit 1
fi

# Try to create the group; if it already exists, add the user to the group
if groupadd -r "$group"; then
    echo "Group $group has been created, creating user: $user ..."
else
    echo "Group $group already exists, adding user: $user to group."
fi

# Create the user with a home directory and the hashed default password
if useradd -g "$group" -p "$password" -d "/home/$user" -m "$user"; then
    echo "User '$user' added to group '$group' with default password '$defaultpass'"
else
    echo "failed to create user"
    exit 1
fi
```
The above script is located in root's home folder (~); only root has rwx permissions on this file.
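A variant of the account-creation step that avoids the shared default password, as an added example that is not the page's script: it validates the names, sets a random one-time password with chpasswd, and expires it with chage -d 0 so the user must change it at first login. The function names and the file name createUser.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not the page's script. Function names are hypothetical.
# Run as root: ./createUser.sh <group> <user>   (file name is an assumption)
LC_ALL=C; export LC_ALL   # make the a-z ranges below ASCII-only

# Accept only conservative group/user names (lowercase, digits, _ and -).
valid_name() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print a random one-time password: N random bytes as 2N hex characters.
gen_temp_password() {
    od -An -N"${1:-12}" -tx1 /dev/urandom | tr -d ' \n'
}

# create_user <group> <user>: returns 2 on a bad name, 1 on a failed step.
create_user() {
    group="$1"; user="$2"
    if ! valid_name "$group" || ! valid_name "$user"; then
        echo "invalid group or user name" >&2
        return 2
    fi
    # Create the group only if it is missing, so a real groupadd failure
    # is not mistaken for "group already exists".
    getent group "$group" >/dev/null || groupadd -r "$group" || return 1
    useradd -g "$group" -d "/home/$user" -m "$user" || return 1
    temp=$(gen_temp_password 12)
    # chpasswd hashes the password with the system's configured method.
    printf '%s:%s\n' "$user" "$temp" | chpasswd || return 1
    # Expire the password now so it must be changed at first login.
    chage -d 0 "$user" || return 1
    echo "User '$user' added to group '$group'; one-time password: $temp"
}

# Only act when called with both arguments.
if [ "$#" -eq 2 ]; then
    create_user "$1" "$2"
fi
```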
Setting up groups, users, and sudo on servers
DB
[root@CentOSDB17882 ~]# ./setupAccess.sh dbadmin henry
Group dbadmin has been created, creating user: henry ...
User 'henry' added to group 'dbadmin' with default password 'newpass'
WEB
[root@CentOSWeb17881 ~]# ./setupAccess.sh webadmin henry
Group webadmin has been created, creating user: henry ...
User 'henry' added to group 'webadmin' with default password 'newpass'
GEO
[root@CentOSGeo17883 ~]# ./setupAccess.sh geoadmin henry
Group geoadmin has been created, creating user: henry ...
User 'henry' added to group 'geoadmin' with default password 'newpass'
Add group to sudoers
[root@CentOSGeo17883 ~]# su -c visudo
Scroll to the bottom and add:
```
## reboot, add any additional commands here
Cmnd_Alias USER_DEFINED = /sbin/reboot
## sudo commands allowed for geo admins
%geoadmin ALL = SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, USER_DEFINED
```
Same for other servers.
Groups for developers are also set up in the same manner:
For DB:
[root@CentOSDB17882 ~]# ./setupAccess.sh dbdev paul